logo
ArticlesConferencesPresentations
Dates
Author
Conferences
Tags

Sort by:  

Using the EBPF Superpowers To Generate Kubernetes Security Policies

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Alban Crequy, Mauricio Vásquez Bernal
2022-10-26

tldr - powered by Generative AI

The presentation discusses the use of tools for developing initial security policies and network policies in Kubernetes environments. It also explores the challenges of maintaining these policies over time as applications change.
  • Tools can be used to develop initial security policies in Kubernetes environments
  • Network policies are generated based on captured traffic and enriched with Kubernetes-related information
  • Maintaining policies over time can be challenging as applications change and may require new capabilities or system calls
  • Automatic updates to policies may not be reliable without human supervision
Tags:
Kubernetes security
eBPF
network policies
SecComp
security contexts

Panel Discussion: Say Hi to the New Couple in the Town – DockerSlim and Kyverno – Making Your Kubernetes Workloads More Secure!

Conference:  Cloud Native SecurityCon North America 2022
Authors: Mritunjay Sharma, Shuting Zhao, Ruhika Bulani
2022-10-25

tldr - powered by Generative AI

The panel discussion focuses on the intersection of Kyverno and DockerSlim in making Kubernetes workloads more secure.
  • Containers have become the norm as cloud adoption increases sharply.
  • Developers face challenges in making containers production-ready and secure.
  • Kyverno and DockerSlim are two projects that address these challenges.
  • Kyverno provides policies that act as a contract for shared environments like Kubernetes.
  • DockerSlim helps in minifying container images and automating the creation of AppArmor and SecComp profiles.
  • The combination of Kyverno and DockerSlim makes cluster security management easier and more efficient.
Tags:
container images
minification
AppArmor
SecComp
Kyverno

Unravelling the Magical Act of DockerSlim Minifying Container Images

Conference:  ContainerCon 2022
Authors: Mritunjay Sharma
2022-06-23

tldr - powered by Generative AI

Docker Slim is a tool that makes Docker images smaller, faster, and more secure by analyzing and collecting information from a temporary container.
  • Docker Slim creates a temporary container to analyze and collect information from a fat image
  • It applies heuristics to optimize the image and create a security profile
  • The resulting slim image is much smaller and faster than the original image
  • Docker Slim is a developer-oriented tool that can be used on existing commercial software
  • Future plans for Docker Slim include introducing a Docker Compose feature and using traditional HTTP probes
Tags:
Docker containers
Open Source Summit
Mritunjay
DockerSlim
SecComp

Containers Security Layers and How Not to Break them

Conference:  ContainerCon 2022
Authors: Aviv Sasson
2022-06-22
Containers are glorified by the fact that no one can escape them, and frankly - escaping containers is a tricky and complex task that is impossible in most scenarios. Many security layers restrict the container in order to prevent an escape. But what are those layers? How do they work? What are their defaults? Can we modify them? Should we? This session will present the Linux kernel features and mechanisms that make up those layers, including Capabilities, Seccomp, SELinux, and AppArmor. It will discuss how container runtimes implement them to create a security stack that keeps the container tamed and whether if it is possible to modify them for specific use cases while explaining the security risks of such actions.
Tags:
container security
linux kernel
capabilities
SecComp
SELinux